Don't call tor_tls_set_logged_address till after checking conn->tls

author Nick Mathewson <nickm@torproject.org>

Fri, 2 Dec 2011 21:15:52 +0000 (16:15 -0500)

committer Nick Mathewson <nickm@torproject.org>

Fri, 2 Dec 2011 21:15:52 +0000 (16:15 -0500)
author Nick Mathewson <nickm@torproject.org>
Fri, 2 Dec 2011 21:15:52 +0000 (16:15 -0500)
committer Nick Mathewson <nickm@torproject.org>
Fri, 2 Dec 2011 21:15:52 +0000 (16:15 -0500)
diff --git a/changes/bug4531 b/changes/bug4531

new file mode 100644 (file)

index 0000000..6209f9a
--- /dev/null
+++ b/changes/bug4531
@@ -0,0 +1,4 @@
+  o Major bugfixes:
+    - Fix null-pointer access that could occur if TLS allocation failed.
+      Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un".
+
diff --git a/src/or/connection_or.c b/src/or/connection_or.c

index 1fffba7733ef9730d70c34cb10d905a91f6cde4f..dc8850ea3fdead956084bd0e4d83f6c443d2ba77 100644 (file)
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -871,12 +871,12 @@ connection_tls_start_handshake(or_connection_t *conn, int receiving)
  {
    conn->_base.state = OR_CONN_STATE_TLS_HANDSHAKING;
    conn->tls = tor_tls_new(conn->_base.s, receiving);
-  tor_tls_set_logged_address(conn->tls, // XXX client and relay?
-      escaped_safe_str(conn->_base.address));
    if (!conn->tls) {
      log_warn(LD_BUG,"tor_tls_new failed. Closing.");
      return -1;
    }
+  tor_tls_set_logged_address(conn->tls, // XXX client and relay?
+      escaped_safe_str(conn->_base.address));
    connection_start_reading(TO_CONN(conn));
    log_debug(LD_HANDSHAKE,"starting TLS handshake on fd %d", conn->_base.s);
    note_crypto_pk_op(receiving ? TLS_HANDSHAKE_S : TLS_HANDSHAKE_C);
author	Nick Mathewson <nickm@torproject.org>
	Fri, 2 Dec 2011 21:15:52 +0000 (16:15 -0500)
committer	Nick Mathewson <nickm@torproject.org>
	Fri, 2 Dec 2011 21:15:52 +0000 (16:15 -0500)
changes/bug4531	[new file with mode: 0644]	patch \| blob
src/or/connection_or.c		patch \| blob \| blame \| history